Hi Radu, On 8/29/2017 6:43 PM, Radu Nicolau wrote:
Probably the best way will be to have a chain of transforms, I will follow up in the next patchset.@@ -70,9 +70,9 @@ struct rte_security_ipsec_tunnel_param { } ipv4; /**< IPv4 header parameters */ struct { - struct in6_addr *src_addr; + struct in6_addr src_addr; /**< IPv6 source address */ - struct in6_addr *dst_addr; + struct in6_addr dst_addr; /**< IPv6 destination address */ uint8_t dscp; /**< IPv6 Differentiated Services Code Point */ @@ -171,6 +171,12 @@ struct rte_security_ipsec_xform { uint8_t *data; /**< pointer to key data */ size_t length; /**< key length in bytes */ } auth_key; + enum rte_crypto_aead_algorithm aead_alg; + /**< AEAD Algorithm */ + struct { + uint8_t *data; /**< pointer to key data */ + size_t length; /**< key length in bytes */ + } aead_key;I believe it would be better to use a union here. union { struct { enum rte_crypto_cipher_algorithm cipher_alg; /**< Cipher Algorithm */ struct { uint8_t *data; /**< pointer to key data */ size_t length; /**< key length in bytes */ } cipher_key; enum rte_crypto_auth_algorithm auth_alg; /**< Authentication Algorithm */ struct { uint8_t *data; /**< pointer to key data */ size_t length; /**< key length in bytes */ } auth_key; }; struct { enum rte_crypto_aead_algorithm aead_alg; /**< AEAD Algorithm */ struct { uint8_t *data; /**< pointer to key data */ size_t length; /**< key length in bytes */ } aead_key; }; };
Will it be chain of crypto xforms? If yes, then we may not be needing the fields like iv and digest length and op will need to assigned twice.
